Industry offers multiple authentication tech for SIPRNet

The Pentagon and industry are exploring adding layers of security and multiple authentication procedures to determine safe access to the U.S. military’s secret network – SIPRNet.

A technology called SafeNet Identity and Data Protection Solutions, engineered by Gemalto, uses Hardware Security Module (HSM) authentication to add another avenue of identification technology designed to improve network security.

“If you have a CAC card, you've got certificates on there that provide the ID information about who you are, who you work for, and that's a PKI (Public Key Infrastructure) system. It's used for authenticating into the network logically or physically to get into the building or whatever,” said Kirk Spring, CEO of SafeNet Assured Technologies.

Users plug a card into a machine and enter a PIN, allowing the machine to read the certificate information on the token and then sign in to validate identity, Spring explained.

“For SIPRNet, we basically provide our own authentication chip. It is our own product developed in the U.S.,” he said. “Our HSMs provide all the root key protection, so if you think of a master key that protects all the other keys that are in your system, that's what the HSMs predominantly do.”

Gemalto’s SafeNet approach is consistent with what many U.S. military services are currently working on in terms of adding multiple network authentications to increase cybersecurity. Individual validation through various techniques is aimed at both reducing the insider threat and thwarting external cyberattacks.

“I believe multi-factor authentication is going to be a trend you're going to see in the next two to three years, and that's going to be something they're going to be using as a layer in defense,” Spring said.

While Spring emphasized that Gemalto’s SafeNet offering is by no means a cure-all, it could facilitate more secure interoperability between networks.

The idea is to guard a gateway by following rules and policies for what type of data can be shared between two entities. This could include data exchanges between two agencies or secured interoperability between classified and unclassified networks.

“Listen, the CAC card was good when we needed it, but now we need to look at the next-generation technology, and a lot of that I believe is around this multi-factor that I'm talking about,” Spring said.

Increased movement to cloud technologies could both enhance and complicate these security efforts, Spring said. Government agencies and industry are now addressing this through a Cloud Security Alliance Group, which is analyzing the double-edged sword offered by the cloud.

In many instances, the cloud reduces the hardware footprint and server infrastructure in a way that can diminish points of entry for various kinds of intrusions such as “phishing” attacks.

At the same time, consolidating hardware and IT networks can also widen the aperture for an attacker to do damage if there is a penetration of some kind. Maximizing the advantages of this kind of phenomenon, while reducing risk, is paramount to emerging multi-factor authentication technologies.